As technology has evolved, so have ways to manipulate it for nefarious purposes. Attackers of U.S. military bases, for example, no longer need boots on the ground to gain intelligence. Now, they can hack the Wi-Fi system and access cameras to survey whether a ship has left port or if troops are moving. To learn about the bad actors attempting to infiltrate military systems, three computer science researchers in the Penn State School of Electrical Engineering and Computer Science (EECS) are teaming up to build a "honeypot," a decoy suite of fake networks, devices and domains to entrap and deceive such hackers.
The research team received a two-year, $557,000 grant from the U.S. Army's Combat Capabilities Development Command (DEVCOM), with the possibility of renewal, to fund the cybersecurity honeypot project. While the name has multiple potential origin stories, the researchers likened the approach to luring a bear with a pot of honey.
"We are seeing that hackers are getting very sophisticated, and they're trying to compromise assets from multiple domains, such as air and land, to learn intelligence from both systems," said co-principal investigator Tom La Porta, Evan Pugh Professor and director of EECS. "They can compromise a Wi-Fi network, for example, and see there's a ship on the network. From there, they can hack into the ship's GPS. So, that would be multidomain deception: going from cyber to sea."
Along with co-principal investigators Guohong Cao, distinguished professor of computer science and engineering, and David Miller, professor of electrical engineering, La Porta will work on building sophisticated, multidomain fake networks to attract attackers to upload their malware, so that the researchers can gain information about their adversaries and how they attack.
There must be a consistency across domains, La Porta explained, meaning that all the systems - the Wi-Fi routers, the fake cameras, and smart system devices like light switches and thermostats - must work together to fool hackers. That is because attackers typically verify that a system is legitimate by adjusting a light switch or thermostat and seeing if the camera on the same network reflects the change.
"If the hackers think they have a camera and a light switch in the same room, from a network perspective, the addresses of these devices have to look like they'd be on the same network," La Porta said. "To keep track of all the fake devices and networks, we are building a database that has the attributes of every fake device and what its impact on its environment is."
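The two consistency requirements described above, same-room decoys sharing a network and a change on one decoy being visible through another, can be modelled as a small state machine. The following is an added illustration written for this page, not the Penn State team's code; it assumes a constructed registry of three decoys (a switch, a thermostat and a camera) on a hypothetical 10.42.0.0/24 decoy subnet and a per-room environment record that the camera's "view" is derived from.

```python
"""Toy model of a cross-domain honeypot's consistency database.

Added illustration, not the Penn State project's code. The decoy devices,
addresses and room names below are constructed for the example.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class DecoyDevice:
    name: str
    kind: str          # "switch", "thermostat" or "camera"
    room: str          # the physical room the decoy claims to be in
    address: str       # IPv4 address presented on the decoy network
    state: dict = field(default_factory=dict)


class DecoyEnvironment:
    """Registry of fake devices plus the environment each one affects."""

    def __init__(self, subnet: str):
        self.subnet = ipaddress.ip_network(subnet)
        self.devices = {}   # name -> DecoyDevice
        self.rooms = {}     # room -> environment attributes (light, temperature)

    def register(self, dev: DecoyDevice) -> None:
        self.devices[dev.name] = dev
        self.rooms.setdefault(dev.room, {"light_on": False, "temp_c": 20.0})

    def addresses_consistent(self) -> bool:
        """Network-level check: every decoy that claims to be in the same
        room must fall into one common subnet, otherwise the layout
        contradicts itself when viewed from the network."""
        by_room = defaultdict(set)
        for dev in self.devices.values():
            iface = ipaddress.ip_interface(f"{dev.address}/{self.subnet.prefixlen}")
            by_room[dev.room].add(iface.network)
        return all(len(nets) == 1 for nets in by_room.values())

    def actuate(self, name: str, **changes) -> None:
        """Apply a change to one decoy and write its effect through to the
        room record, so other decoys in that room reflect it."""
        dev = self.devices[name]
        dev.state.update(changes)
        room = self.rooms[dev.room]
        if dev.kind == "switch":
            room["light_on"] = bool(changes.get("on", room["light_on"]))
        elif dev.kind == "thermostat":
            room["temp_c"] = float(changes.get("setpoint_c", room["temp_c"]))

    def observe(self, camera_name: str) -> dict:
        """What the decoy camera appears to see, derived from the shared
        room record rather than stored independently."""
        cam = self.devices[camera_name]
        if cam.kind != "camera":
            raise ValueError(f"{camera_name} is not a camera")
        room = self.rooms[cam.room]
        return {
            "room": cam.room,
            "brightness": "lit" if room["light_on"] else "dark",
            "thermostat_display": f"{room['temp_c']:.1f}C",
        }


def build_demo_environment() -> DecoyEnvironment:
    """Constructed sample: three decoys that claim to share one room."""
    env = DecoyEnvironment("10.42.0.0/24")
    env.register(DecoyDevice("switch-1", "switch", "ops-room", "10.42.0.11"))
    env.register(DecoyDevice("thermo-1", "thermostat", "ops-room", "10.42.0.12"))
    env.register(DecoyDevice("cam-1", "camera", "ops-room", "10.42.0.13"))
    return env


if __name__ == "__main__":
    env = build_demo_environment()
    print("addresses consistent:", env.addresses_consistent())
    print("camera before:", env.observe("cam-1"))
    env.actuate("switch-1", on=True)
    env.actuate("thermo-1", setpoint_c=23.5)
    print("camera after:", env.observe("cam-1"))
```

The design point is that the camera never stores its own picture of the room: it reads the same record the switch and thermostat write to, so the decoys cannot drift out of agreement. Registering a "same-room" decoy on a different subnet makes `addresses_consistent()` return False, which is the kind of contradiction the database is meant to catch before an attacker does.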